OpenSC releases are made roughly once a year, unless important security is discovered.

OpenSC does not release micro updates for previously released versions and does not backport security fixes into them. Only the last release is supported.

If you discovered security vulnerability in supported version of OpenSC, you can either report it with a button "Report a vulnerability" in Security tab (Do not create normal public issue with security relevant information!) or you can send email to any recently active project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or jakuje(at)gmail.com .

You can expect update on the issue no later than in two weeks.